OUR PRIVACY POLICY: HOW WE USE YOUR DATA
Like you, we care about your privacy. This privacy notice explains how, when, where and why we use your information and provides you with advice on your rights in respect of how your information is used.
In this privacy notice “we”, “us” or “our” means:
ASK4 Limited
Devonshire Green House
14 Fitzwilliam Street
Sheffield, S1 4JL
United Kingdom.
We are responsible as ‘the controller’ for the personal information about you that we collect or use and we are responsible for and determine the purposes for which and the means by which your personal information is processed.
If you are accessing our services outside of the UK we may share this responsibility with one of our local branches or group companies, their details are set out at the end of this policy.
This policy does not apply to information we collect as part of our recruitment processes or about our employees, or shareholders.
OUR COLLECTION AND USE OF YOUR PERSONAL INFORMATION
The information we collect about you will depend on how you interact with us and the type of products and services you take. We have explained the different ways we use your personal information below.
INFORMATION WE COLLECT IF YOU BROWSE OUR WEBSITE
Information we collect:
To be able to provide our website, it is necessary that we process certain automatically transmitted information about you so that your browser can display our website and you can use the website. The following information is automatically collected for each visit of our website and stored in our server log files:
Date and time of the visit to our site.
Content of the requirement (concrete page).
Access Status / HTTP status code.
Browser and operating system used.
Language and version of the browser software.
How you interact with our site (such as which areas are clicked on).
We use cookies to make our website available to you. Cookies are text files that are stored in the internet browser or by the internet browser when you visit a website on your computer system, details on the cookies we use are set out in our cookie policy.
We collect information if you register to use our service via one of our websites.
We may also collect information if you post material to our website, complete customer surveys or other forms on our website. The information we collect in this scenario is the personal data provided by you. This normally includes:
Your name.
Your email address in order to send you an answer.
The other information that you send us in the context of your message or survey completion.
How we use your information:
The information collected via browser is necessary to enable you to visit the website, to improve our website and to ensure the security of our website. We do not collect your IP address.
The information we collect when you register for our services will be used as set out in the “If you are using a student, residential or business service” section below.
We will normally use information posted to our website, or collected via surveys or forms, as part of market research and to improve our products and services.
Legal basis for this collection:
Whatever we do with your information, we need a legal basis for doing it. We process your personal data for the technical provision of our website on the following legal grounds:
Where we collect information as part of an enquiry about our service or as part of the registration process for our services, the legal basis for this collection is that it is necessary as part of taking steps, at your request, to enter into a contract.
Where we collect information to make the website technically available to you, this is based on our legitimate interest to offer you an appealing, technically functioning and user-friendly website and to ensure the security of our website.
INFORMATION WE COLLECT IF YOU ARE USING A RESIDENTIAL, STUDENT OR BUSINESS SERVICE
Information we collect about you:
During sign-up or service initiation, we ask for some basic information about you to enable us to provide you with an Internet service. This includes your full name, location, phone number and email address, which can be used to identify you. If we need to take a payment we’ll also collect the necessary information to process this.
We may also collect some information, such as the MAC address, about devices you connect to our service and this may be associated with identifiable information we hold about you.
We also record calls to the help desk for monitoring and training purposes.
How we use your information:
We use this information:
To authorise your access to our network.
To notify you by email when we are undertaking service affecting maintenance.
To confirm your identity when you call our support team.
To deal with support issues you raise.
To take and process payments.
To improve our services but we will aim to use anonymised or aggregated data to do this.
To comply with any legal or regulatory obligations (such as to demonstrate we have billed you and dealt with any complaints correctly).
To ensure our network and services are kept secure.
Where we have appropriate permission under applicable data protection laws, to carry our marketing of our products and services.
To manage our agreement and resolve any disputes relating to it.
Legal basis for this collection:
We rely on the following legal grounds for our collection of personal information as part of the provision of our services:
That it is necessary for the performance of a contract (i.e. so that we can provide, support and bill that service).
We also process your personal data in order to fulfil other legal obligations that we are subject to in connection with the processing of your contract. These include in particular retention periods under telecommunications, or tax law.
We also may process your personal information, to protect our legitimate interests to be able to make legal claims or defend ourselves in legal disputes or prevent or clarify criminal offences.
Where we have assessed that our use of your information would be fair and not override your right to privacy, we may process your personal information as it is in our 'legitimate interests' to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks, to help us grow our business or to develop better products). But when we do this, you may have a right to object.
Where we record calls this will either be based on our legitimate interest to be able to listen to calls for training and quality purposes or your explicit consent depending on the country you call from and the locally applicable data protection laws.
INFORMATION WE COLLECT IF YOU WORK FOR OUR CORPORATE CUSTOMERS
Information we collect:
If you work for a company who receives our services, we will collect contact details, such as your email address and phone number, and information on your job role as part of our day to day dealings with you.
How we use your information:
We use this information:
To administer and provide the services.
When we are preparing for, arranging and carrying out service reviews.
As part of dispatching and managing the payment of invoices relating to the services
To manage our agreement and resolve any disputes relating to it.
To respond and/or raise general queries relating to the services.
To comply with any legal or regulatory obligations.
As part of our market research to understand the market for our services and, where permitted under applicable data protection laws, to contact you about other services you might be interested in.
Legal basis for this collection:
We rely on the legal basis that it is necessary for the performance of a contract or in order to take steps at your request of you prior to the entry of the contract. We may also have a legal basis to use this information to protect our legitimate interests to be able to make legal claims or defend ourselves in legal disputes.
OTHER TIMES WE COLLECT INFORMATION
We may collect publicly available online information to generate leads and to build up our understanding of the markets we operate in. This information may include personal information such as names, job roles and contact details.
At industry and trade events we may also collect personal information on people who express an interest in our products and services, in accordance with applicable data privacy laws, we may use this information to generate leads.
We may also collect identification documents such as photos or CCTV footage if you visit our premises, particularly secure areas such as our data centre. Identification documents such as photos are used to check people requesting access have the appropriate authorisation and CCTV footage is only used to prevent, detect and investigate unauthorised access. It is only reviewed where such unauthorized access is suspected to have occurred.
In each of these scenarios we have assessed that our use of your information would be fair and not override your right to privacy, accordingly we have a legal basis to process your personal information as it is in our 'legitimate interests' to use the information in a particular way (for example, to protect our network against cyber-attacks, to help us grow our business or to develop better products). But when we do this, you may have a right to object.
If we collect information in other ways we will provide a specific privacy notice for that collection.
WHO WE SHARE YOUR INFORMATION WITH
We share information with the following recipients:
Suppliers
We use companies and individuals to perform functions on our behalf. These third-party service providers may access personal information needed to perform their functions, but may not use it for other purposes. Details of the suppliers we use routinely are set out below:
We share information with payment providers. If we take a card payment as part of the sign up process, the payment is processed by Stripe. If you set up a direct debit, your details will be shared with Smart Debit.
We may use a third party system (Mailjet) to process support notifications
We use Amazon Web Services (AWS) to host our sign-up portal for our student and residential services. They do not store or capture any payment information; all personal data is removed after sign-up is completed.
AWS, Mailjet, Smart Debit and Stripe are regularly risk assessed and subject to written agreements with us setting out how they can use your details to ensure they are compliant with applicable data protection laws. Stripe are based in the US but are subject to suitable relevant safeguards designed to protect your privacy rights and give you remedies in the unlikely event of a misuse of your data, so the information is transferred in accordance with applicable data protection laws.
We may also occasionally employ other companies and individuals to perform functions on our behalf. All these service providers are risk assessed and subject to written agreements with us setting out how they can use your details to ensure they are compliant with applicable data protection laws.
You can ask us to demonstrate that these data transfers are carried out in a compliant manner unless doing so would undermine the security of the data.
Service providers
If you are having issues accessing or using a particular third party’s service, we may share your information with that provider so we can jointly resolve the issue you are having. If you don’t wish us to do this just let us know.
Accommodation providers
If you are a student customer, we may share your name and location with your accommodation provider in relation to your open or closed support tickets. We may also share these details with them if we anticipate that your service experience is impacted by something and we’re unable to reach you so your accommodation provider can also reach out to you and both parties can ensure you receive a good service. We require all accommodation providers to handle this information securely and only to help resolve your issue or to understand the issues students are commonly facing.
Law enforcement agencies
We will share your data with law enforcement, other authorities or authorised third parties if required by applicable law or applicable court order or where we feel a criminal act is being committed.
Other group companies
We will share information across different parts of our group as part of the administration of our business. If we share our data with a company in a different country we will ensure that this is carried out in accordance with applicable data protection laws.
A new business owner
If there is a change (or expected change) in who owns us or any of our assets, we might share personal information with the new (or prospective) owner. If we do, they will have to keep it confidential.
HOW LONG WE KEEP YOUR DATA FOR
When you visit our website
When using our website for information purposes only, we store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted immediately but non-identifiable information may be retained for a longer period.
Cookies installed by us are usually also deleted after leaving our website. However, this does not apply to Google Analytics. These remain stored for the duration of 24 months. You also have the option to delete cookies yourself at any time.
If you are a customer
If you’re a customer, we need to retain your data while you are a customer of ours so that we can provide you with our services. We also keep your personal information, other than payment records, for 21 months after you cease to be a customer. We retain your data to:
Allow us to complete financial audits.
Identify returning customers.
For product and trend analysis.
To meet and demonstrate our compliance with our legal and regulatory obligations.
To ensure that we can defend and manage any legal claims.
We retain payment records for 7 years after the date the payment was made. This information only contains your name and transaction details.It is retained for financial auditing purposes and to ensure that we can defend and manage any legal claims or disputes in respect of those payments.
If you work for a corporate customer we’ll keep your personal information whilst we manage your account and for the duration of the limitation period thereafter which is normally up to 6 years after we have ceased providing your service.
Prospective customers
If you’re a prospective customer or enquire about our services we’ll process your details whilst we deal with your enquiry and we’ll keep you on our marketing list for 2 years unless you object to this.
HOW WE KEEP YOUR INFORMATION SECURE
We have taken technical and organisational measures to ensure data security. Among other things, these measures serve to prevent unauthorised access to the technical equipment used by us and ensure the protection of your personal information against unauthorised access by third parties. In order to prevent unauthorised access by third parties to your personal data, communication with our website is encrypted.
The technical and organisational measures are constantly being developed and adapted to the current industry best practice.
YOUR RIGHTS
You have a number of important rights under applicable data protection legislation.
In summary, those include rights to access to your personal information, to ask us to correct or delete the information which we hold. We have provided more detail on each right below.
We may ask you for proof of identity when making a request to exercise any of these rights so we know we’re dealing with the right individual.
We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests.
We may not always be able to do what you have asked, for example, we might not be able to provide you information where to do so would impact on another person’s right of privacy or delete information where we have a legal obligation to retain it.
Accessing personal information
You can ask us to:
Confirm whether or not we have and are using your personal information.
Provide copy of your personal information.
You can also ask us to provide this information in a machine readable form to you or another company but only where we where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.
Withdrawing consent
Where you have consented to us using your personal information (which generally you don’t have to do) you’ll always have the right to withdraw such consent.
Correcting / erasing personal information
You can ask us to:
Correct inaccurate personal information about you, but we will need to verify the accuracy of it first.
Erase your personal information if you think we no longer need to use it for the purpose we collected it from you.
Erase your personal information. However, you cannot do this where we need the information to perform our contract with you.
We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligations or where we may need to use it as part of legal claims.
Restricting our use of personal information
You can ask us to restrict our use of your personal information whilst we investigate if information you think is inaccurate actually is or where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims.
We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
Objecting to use of personal information
You can object to some processing of your data where you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information.
If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.
Objecting to direct marketing
You can also object to the use of your personal information for direct marketing purposes at any time.
To do this please write to ASK4 Limited, Devonshire Green House, 14 Fitzwilliam Street, Sheffield, S1 4JL or use the unsubscribe function on any communications that are sent to you.
Rights around automated decision making
We don’t currently make any decisions about you based solely by automated means (i.e. with no human intervention) that would produce a legal effect concerning you or significantly affects you.
If we were to make any such decision you may have the right to contest that decision, express your point of view and ask for a human review.
LINKS TO THIRD PARTY SITES
Some sections of our website contains links to the web pages of third parties.
These websites are subject to their own data protection principles. We are not responsible for their operation including the data handling practices of their operators, you should review the privacy statements or policies of those sites before you submit any personal information.
CONTACT INFORMATION
There are many ways you can contact us, including by phone, email, live chat and post. More details can be seen here.
You can also contact our Data Protection Officer at: data-protection@ask4.com.
We hope that we can resolve any query or concern you raise about our use of your information.
If you do not believe we have managed to resolve your query or concern, you also have the right to complain to the data protection regulator. For the UK, that’s the Information Commissioner.
If you live or work in the European Economic Area, you either file a complaint with the local data protection regulator in the Member State where you live or where the suspected the infringement took place.
OUR LEGAL ENTITIES
Our local legal entity responsible for your data if you live and work in...
UK
ASK4 Limited
Spain
ASK4 Spain Limited via its Branch Office:
C/O Jorge Juan, No 30, 2, 28001 Madrid, Spain jointly with ASK4 Limited
Ireland
ASK4 Ireland Limited jointly with ASK4 Limited
Portugal
ASK4 Portugal Limited via its Branch Office:
R. Castilho 39, 8E, 1250-068, Lisboa, Portugal jointly with ASK4 Limited
Poland
ASK4 Poland Limited via its Branch Office:
C/O Domański Zakrzewski Palinka sp. K
Rondo 1 Building - 21st floor
00-124 Warszawa jointly with ASK4 Limited
Germany
ASK4 Germany Limited via its Branch Office:
Leipziger Platz 15 10117 Berlin, Germany jointly with ASK4 Limited
Netherlands
ASK4 Netherlands Limited via its Branch Office Pilotenstraat 39 A, 1059CH Amsterdam jointly with ASK4 Limited
Denmark
ASK4 Denmark Limited via its Branch Office C/O DLA Piper Danmark Rådhuspladsen 4, 4. jointly with ASK4 Limited
Austria
ASK4 Austria Limited jointly with ASK4 Limited